
Hackers use Gmail IM service to steal login details

Webmail users urged to visit TinyURL link


Hackers are sending phishing emails to Gmail users via the Google Talk instant messaging system, Sophos has revealed.

The security firm said Gmail users were receiving unsolicited instant messages that urged them to view a video by clicking a TinyURL link.

However, the hoax link navigates to a website called ViddyHo, where web users are asked to enter their Gmail username and password.

"We're all used to receiving suspicious communications via email, but these attacks arrived via the instant chat system built into Gmail. As a result, more users may fall unwittingly into the trap," said Graham Cluley, senior technology consultant at Sophos.


Research by Sophos revealed that 41 percent of web users have the same password for every site they visit. For this reason, Sophos is urging any victims of the hoax site to change their password on every site that shares the same log-in details as their Gmail account.

"If you think you might have been duped, make sure you change your Gmail password immediately otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers."

TinyURL has now blacklisted the site, so the link will no longer work. However, Sophos warned that there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites.

"The message is simple. You should always be wary of clicking on unsolicited links whether received over email or IM, and be extremely careful whenever a website asks you to enter your username and password for another site," added Cluley.

Gmail suffered a two-hour outage yesterday, which prevented a number of users of Google's webmail service accessing their accounts.
